* Added native basic authentication support

* Cleanups
author: Steven Barth <steven@midlink.org> 2008-06-02 17:49:27 +0000
committer: Steven Barth <steven@midlink.org> 2008-06-02 17:49:27 +0000
commit: f56890a5733b3c57d088b52bf91a77c44976ca99 (patch)
tree: e835d0e242cf957bc8b0d0cce1eb5551c3d4a321 /libs
parent: 92d76ed83603e50321f171996fc78cef0a6d3580 (diff)
6 files changed, 65 insertions, 5 deletions
diff --git a/libs/cbi/luasrc/cbi.lua b/libs/cbi/luasrc/cbi.lua
index 42b58ce0b..178c46f03 100644
--- a/libs/cbi/luasrc/cbi.lua
+++ b/libs/cbi/luasrc/cbi.lua
@@ -579,11 +579,6 @@ function AbstractValue.render(self, s, scope)
 	if not self.optional or self:cfgvalue(s) or self:formcreated(s) then
 		scope = scope or {}
 		scope.section = s
-
-		-- fixup size for MultiValue fields
-		if instanceof(self, MultiValue) and self.widget == "select" and not self.size then
-			self.size = #self.vallist
-		end
 		
 		Node.render(self, scope)
 	end
@@ -741,6 +736,14 @@ function MultiValue.__init__(self, ...)
 	self.delimiter = " "
 end
 
+function MultiValue.render(self, ...)
+	if self.widget == "select" and not self.size then
+		self.size = #self.vallist
+	end
+
+	AbstractValue.render(self, ...)
+end
+
 function MultiValue.value(self, key, val)
 	val = val or key
 	table.insert(self.keylist, tostring(key))
diff --git a/libs/core/luasrc/sys.lua b/libs/core/luasrc/sys.lua
index 6d03f59db..80d702b94 100644
--- a/libs/core/luasrc/sys.lua
+++ b/libs/core/luasrc/sys.lua
@@ -263,6 +263,14 @@ end
 user = {}
 -- returns user information to a given uid
 user.getuser = posix.getpasswd
+
+-- checks whether a string matches the password of a certain system user
+function user.checkpasswd(user, password)
+	local account = user.getuser(user)
+	if posix.crypt and account then
+		return (account.passwd == posix.crypt(account.passwd, password))
+	end
+end
 	
 -- Changes the user password of given user
 function user.setpasswd(user, pwd)
diff --git a/libs/sgi-haserl/luasrc/sgi/haserl.lua b/libs/sgi-haserl/luasrc/sgi/haserl.lua
index f3994b5c8..35bc1c902 100644
--- a/libs/sgi-haserl/luasrc/sgi/haserl.lua
+++ b/libs/sgi-haserl/luasrc/sgi/haserl.lua
@@ -29,6 +29,12 @@ require("luci.fs")
 -- Environment Table
 luci.http.env = ENV
 
+-- Enforces user authentification
+function luci.http.basic_auth(verify_callback, realm)
+	-- Dummy for Haserl
+	return true
+end
+
 -- Returns the main dispatcher URL
 function luci.http.dispatcher()
 	return luci.http.env.SCRIPT_NAME or ""
diff --git a/libs/sgi-webuci/luasrc/sgi/webuci.lua b/libs/sgi-webuci/luasrc/sgi/webuci.lua
index 2beff6907..1ad067c6b 100644
--- a/libs/sgi-webuci/luasrc/sgi/webuci.lua
+++ b/libs/sgi-webuci/luasrc/sgi/webuci.lua
@@ -33,6 +33,21 @@ function initenv(env, vars)
 	luci.http.vars = vars
 end
 
+-- Enforces user authentification
+function luci.http.basic_auth(verify_callback, realm)
+	local user = luci.http.env.auth_user
+	local pass = luci.http.env.auth_password
+	realm = realm or ""
+	
+	if not user or not verify_callback(user, pass) then
+		luci.http.status("401", "Unauthorized")
+		luci.http.header("WWW-Authenticate", string.format('Basic realm="%s"', realm))
+		return false	
+	else
+		return true
+	end
+end
+
 -- Returns the main dispatcher URL
 function luci.http.dispatcher()
 	return luci.http.env.SCRIPT_NAME or ""
diff --git a/libs/sgi-webuci/root/usr/lib/boa/luci.lua b/libs/sgi-webuci/root/usr/lib/boa/luci.lua
index 2ea6ba4cb..e34bd5e2d 100644
--- a/libs/sgi-webuci/root/usr/lib/boa/luci.lua
+++ b/libs/sgi-webuci/root/usr/lib/boa/luci.lua
@@ -38,6 +38,8 @@ function init(path)
 		luci.sys.net.routes			= function() return {} end
 		luci.sys.wifi.getiwconfig	= function() return {} end
 		luci.sys.wifi.iwscan		= function() return {} end
+		
+		luci.sys.user.checkpasswd   = function() return true end
 	end
 end
 
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index feda28d51..cd481622b 100644
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -58,6 +58,18 @@ function build_url(...)
 	return luci.http.dispatcher() .. "/" .. table.concat(arg, "/")
 end
 
+-- Prints an error message or renders the "error401" template if available
+function error401(message)
+	message = message or "Unauthorized"
+
+	require("luci.template")
+	if not pcall(luci.template.render, "error401") then
+		luci.http.prepare_content("text/plain")
+		print(message)
+	end
+	return false
+end
+
 -- Sends a 404 error code and renders the "error404" template if available
 function error404(message)
 	luci.http.status(404, "Not Found")
@@ -115,6 +127,20 @@ function dispatch()
 		end
 	end
 
+	if track.sysauth then
+		local accs = track.sysauth
+		accs = (type(accs) == "string") and {accs} or accs
+		
+		local function sysauth(user, password)
+			return (luci.util.contains(accs, user)
+				and luci.sys.user.checkpasswd(user, password)) 
+		end
+		
+		if not luci.http.basic_auth(sysauth) then
+			error401()
+			return
+		end
+	end
 
 	if track.i18n then
 		require("luci.i18n").loadc(track.i18n)
author	Steven Barth <steven@midlink.org>	2008-06-02 17:49:27 +0000
committer	Steven Barth <steven@midlink.org>	2008-06-02 17:49:27 +0000
commit	f56890a5733b3c57d088b52bf91a77c44976ca99 (patch)
tree	e835d0e242cf957bc8b0d0cce1eb5551c3d4a321 /libs
parent	92d76ed83603e50321f171996fc78cef0a6d3580 (diff)